
OpenLdap + Cyrus SASL + MIT Kerberos credentials cache



Hi All,

 

I’m working on a Windows application that uses libldap built with Cyrus SASL and MIT Kerberos, and I’m having issues with Kerberos authentication on AD.

I have tested with various applications and Kerberos is working properly on the server.

In my app I’m using ldap_sasl_interactive_bind_s(mLdapObj, NULL, "GSSAPI", NULL, NULL, LDAP_SASL_INTERACTIVE, my_ldap_sasl_interact, defaults) in order to bind with the server, but I get error -2 (Local error).

I have debugged the app and I have found that there is an issue with the Kerberos credentials cache. Because I haven’t set the credentials cache location, Kerberos reads this location from the KRB5CCNAME environment variable.

 

So my first question is: Is there any API in libldap, so we can set our own contact cache location?

 

But even when I set this variable, I get the same error when I try to bind. After some more debugging I found that Kerberos expects that I already have a credentials cache file created, and that there is a ticket in it (as if I have called kinit before bind).

 

Is there an API in libldap that will call the Kerberos API for credentials cache and ticket obtaining operations, which we can call before bind, or do we need to call the Kerberos API directly?

 

Thank you for your help.

 

Best Regards,

Petar Kovacevic
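
An added example, not part of the original post: a pre-flight check an application could run before the GSSAPI bind to see which credentials cache KRB5CCNAME names and whether a FILE cache exists and is non-empty. The names cc_split and cc_preflight are hypothetical; the check does not parse the cache or validate the ticket, and treating a one-letter prefix as a Windows drive letter is assumed here to match MIT krb5's own name parsing.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum cc_status { CC_UNSET, CC_NOT_FILE, CC_FILE_MISSING, CC_FILE_EMPTY, CC_FILE_PRESENT };

/* Split "TYPE:residual": copy TYPE into `type`, return the residual.
 * No prefix, or a one-letter prefix such as "C:\...", means a plain FILE path. */
static const char *cc_split(const char *name, char *type, size_t tlen)
{
    const char *colon = strchr(name, ':');
    size_t n = colon ? (size_t)(colon - name) : 0;
    if (!colon || (n == 1 && isalpha((unsigned char)name[0]))) {
        snprintf(type, tlen, "FILE");
        return name;
    }
    snprintf(type, tlen, "%.*s", (int)n, name);
    return colon + 1;
}

/* Classify a cache name (normally getenv("KRB5CCNAME")) before binding.
 * Only FILE caches can be checked on disk; other types are reported as such. */
enum cc_status cc_preflight(const char *name, char *type, size_t tlen)
{
    if (name == NULL || *name == '\0') {
        snprintf(type, tlen, "(default)");
        return CC_UNSET;
    }
    const char *resid = cc_split(name, type, tlen);
    if (strcmp(type, "FILE") != 0)
        return CC_NOT_FILE;
    FILE *f = fopen(resid, "rb");
    if (!f)
        return CC_FILE_MISSING;      /* nothing has created the cache yet */
    int empty = (fgetc(f) == EOF);   /* created, but no credentials stored */
    fclose(f);
    return empty ? CC_FILE_EMPTY : CC_FILE_PRESENT;
}

int main(void)
{
    static const char *msg[] = { "KRB5CCNAME not set", "not a FILE cache, cannot check on disk",
        "cache file missing", "cache file empty", "cache file present" };
    char type[32];
    enum cc_status st = cc_preflight(getenv("KRB5CCNAME"), type, sizeof type);
    printf("ccache type=%s: %s\n", type, msg[st]);
    return (st == CC_FILE_PRESENT || st == CC_NOT_FILE) ? 0 : 1;
}
```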